Date: Wed, 16 Feb 2005 16:25:30 +0100
From: "Simon L. Nielsen"
To: Denis Peplin
cc: freebsd-doc@FreeBSD.org
Subject: Re: [PATCH] handbook/firewalls: rewrite warning

On 2005.02.16 18:09:05 +0300, Denis Peplin wrote:
> > - When working with the firewall rules, always, > - always do it on the console of the system running the > - firewall or you can end up locking your self out. > - Alternatively, you may setup a cronjob to flush the > - firewall rules say every five minutes. > - This may not be acceptable for a corporate firewall, > - but should be ok for a home firewall. > + When working with the firewall rules, be > + very careful. Some configurations > + will lock yourself out of the server. 
> + To be on the safe side, you may wish to consider performing > + the initial firewall configuration from the local console > + rather than via ssh.

I would suggest something like:

+ rather than doing it remotely e.g. via ssh.

Just to be a bit more general. Other than that it looks good to me.

-- 
Simon L. Nielsen
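
Review bot: "will lock yourself out of the server" in the added warning is ungrammatical, because the subject of the sentence is "Some configurations"; suggest "Some configurations will lock you out of the server." The hunk also removes the old fallback (a cron job that flushes the rules every five minutes) without putting anything in its place, so a reader who has to change rules remotely is told only to be very careful. Consider adding a sentence on how to keep or regain access in that case, or state explicitly that console access should be arranged before the rules are changed.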